Bruce Schneier tells Computer Weekly why ID cards could exacerbate crime and why the only way to beat ID theft is to make banks responsible for its prevention.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The UK's plans for biometric identity cards are a waste of money, one of the world's leading experts on computer security said this week.

In an interview with Computer Weekly, Bruce Schneier, security author and chief technology officer of internet security group Counterpane, said the programme could do more harm than good.

"ID cards are a waste of money. The amount of good they will do is not nearly worth the cost. They will not reduce crime, fraud or illegal immigration," he said.

The adoption of ID cards would encourage criminals to attempt forgeries, he said, potentially exacerbating crime rather than reducing it.

"Every credential has been forged. As you make a credential more valuable, there is more impetus to forge it. The reason identity theft is so nasty now is that your identity is so much more valuable than it used to be. By putting in the infrastructure, we have made the crime more common. That's scary."

He said the UK government, like other governments around the world, was investing in the technology as a form of control but marketing it as better security.

"We are living in a world where governments are looking for more control. They are looking for measures that increase control. It is being sold as security but it is really control," he said.

Schneier said that the US plans to spend £10bn on a programme to build checkpoints at airports to prevent terrorists boarding planes are a similar waste of money.

"If you had a list of people that were so dangerous you would never let them on an aircraft and £10bn, would you build a series of checkpoints at airports just in case they happened to walk through them, or hire FBI agents to investigate those people?" he said.

"We are building a security system that only works if the terrorist happens to choose the tactic of going on an aircraft, yet we are affecting the privacy of every airline passenger."

Schneier said ID theft will only be solved when banks are given responsibility to prevent it. "As soon as it becomes the banks' problem, it will be solved. The entity that is responsible for the risk will mitigate the risk."

Credit card fraud in the US fell dramatically after the banks become responsible for refunding customers with losses of more than £25 caused by fraud, he said.

Schneier is the author of eight books including Beyond fear: thinking sensibly about security in an uncertain world. Secrets and lies: digital security in a networked world has sold 100,000 copies. Applied cryptography, now in its second edition, has sold more than 150,000 copies and has been translated into five languages.

He writes the e-mail newsletter Crypto-Gram, which has over 100,000 readers. He is a frequent writer and lecturer on cryptography, computer security and privacy.

Schneier designed the Blowfish and Twofish encryption algorithms, the latter a finalist for the new Federal Advanced Encryption Standard. He holds a masters degree in computer science from American University and a degree in physics from the University of Rochester.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy